GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-21 03:19:28 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01 298,09GB Running: syg6uu97.exe; Driver: C:\Users\BXXXXX~1\AppData\Local\Temp\kxtdqkod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0x8FEE052E] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwAlpcConnectPort [0x8FEE093A] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwAlpcCreatePort [0x8FEE08E8] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwConnectPort [0x8FEDF774] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateEvent [0x8FEDE84A] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateEventPair [0x8FEDE8A2] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateFile [0x8FEE015C] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateMutant [0x8FEDE7F4] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreatePort [0x8FEDE79C] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateSection [0x8FEDFE78] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateSemaphore [0x8FEDE8F4] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0x8FEE17CC] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateThread [0x8FEDF11E] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwLoadDriver [0x8FEE11D2] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0x8FEDFA4C] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwOpenFile [0x8FEE0354] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwOpenSection [0x8FEDFD00] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwSetInformationProcess [0x8FEE0722] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0x8FEE14D2] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwShutdownSystem [0x8FEDF9C2] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0x8FEDFBEC] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwTerminateProcess [0x8FEDF554] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwTerminateThread [0x8FEDF322] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateThreadEx [0x8FEE0B84] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 119 82AB979C 4 Bytes [2E, 05, EE, 8F] .text ntkrnlpa.exe!KeSetEvent + 13D 82AB97C0 8 Bytes [3A, 09, EE, 8F, E8, 08, EE, ...] .text ntkrnlpa.exe!KeSetEvent + 1C1 82AB9844 4 Bytes [74, F7, ED, 8F] .text ntkrnlpa.exe!KeSetEvent + 1D1 82AB9854 12 Bytes [4A, E8, ED, 8F, A2, E8, ED, ...] .text ntkrnlpa.exe!KeSetEvent + 1F5 82AB9878 4 Bytes [F4, E7, ED, 8F] .text ... .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8AD5D480, 0x3C939, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8AD9E900, 0x3CA, 0x48000040] ---- User code sections - GMER 2.1 ---- .text C:\Windows\Explorer.EXE[292] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 719C000A .text C:\Windows\Explorer.EXE[292] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[292] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [62, 71] .text C:\Windows\Explorer.EXE[292] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[292] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\Explorer.EXE[292] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7175000A .text C:\Windows\Explorer.EXE[292] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 717E000A .text C:\Windows\Explorer.EXE[292] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[292] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [92, 71] .text C:\Windows\Explorer.EXE[292] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\Explorer.EXE[292] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 7181000A .text C:\Windows\Explorer.EXE[292] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 717B000A .text C:\Windows\Explorer.EXE[292] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7178000A .text C:\Windows\Explorer.EXE[292] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7184000A .text C:\Windows\Explorer.EXE[292] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 718A000A .text C:\Windows\Explorer.EXE[292] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 718D000A .text C:\Windows\Explorer.EXE[292] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7187000A .text C:\Windows\Explorer.EXE[292] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 716C000A .text C:\Windows\Explorer.EXE[292] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7169000A .text C:\Windows\Explorer.EXE[292] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7166000A .text C:\Windows\Explorer.EXE[292] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 716F000A .text C:\Windows\Explorer.EXE[292] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7172000A .text C:\Windows\Explorer.EXE[292] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 7190000A .text C:\Windows\system32\Dwm.exe[308] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\Dwm.exe[308] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[308] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\system32\Dwm.exe[308] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[308] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\Dwm.exe[308] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\Dwm.exe[308] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\Dwm.exe[308] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[308] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\Dwm.exe[308] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\Dwm.exe[308] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\Dwm.exe[308] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\Dwm.exe[308] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\Dwm.exe[308] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\Dwm.exe[308] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\Dwm.exe[308] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\Dwm.exe[308] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\Dwm.exe[308] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\system32\Dwm.exe[308] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\system32\Dwm.exe[308] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\system32\Dwm.exe[308] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[604] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[712] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Windows\system32\services.exe[740] services.exe 00141628 4 Bytes [30, 9D, E8, 75] .text C:\Windows\system32\services.exe[740] services.exe 00141638 4 Bytes [10, A1, E8, 75] .text C:\Windows\system32\services.exe[740] services.exe 00141658 4 Bytes [90, 9A, E8, 75] .text C:\Windows\system32\services.exe[740] services.exe 00141668 4 Bytes [30, 9F, E8, 75] .text C:\Windows\system32\services.exe[740] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\services.exe[740] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[740] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [71, 71] {JNO 0x73} .text C:\Windows\system32\services.exe[740] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[740] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\services.exe[740] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 717E000A .text C:\Windows\system32\services.exe[740] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 7187000A .text C:\Windows\system32\services.exe[740] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[740] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\services.exe[740] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\services.exe[740] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718A000A .text C:\Windows\system32\services.exe[740] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7184000A .text C:\Windows\system32\services.exe[740] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7181000A .text C:\Windows\system32\services.exe[740] RPCRT4.dll!RpcServerRegisterIfEx 771578BC 6 Bytes JMP 7199000A .text C:\Windows\system32\services.exe[740] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717B000A .text C:\Windows\system32\services.exe[740] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7178000A .text C:\Windows\system32\services.exe[740] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7175000A .text C:\Windows\system32\services.exe[740] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 718D000A .text C:\Windows\system32\services.exe[740] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7193000A .text C:\Windows\system32\services.exe[740] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7196000A .text C:\Windows\system32\services.exe[740] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7190000A .text C:\Windows\system32\services.exe[740] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\lsass.exe[756] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\lsass.exe[756] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[756] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\system32\lsass.exe[756] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[756] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\lsass.exe[756] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\lsass.exe[756] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\lsass.exe[756] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[756] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\lsass.exe[756] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\lsass.exe[756] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\lsass.exe[756] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\lsass.exe[756] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\lsass.exe[756] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\system32\lsass.exe[756] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\system32\lsass.exe[756] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\system32\lsass.exe[756] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\lsass.exe[756] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\lsass.exe[756] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\lsass.exe[756] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\lsass.exe[756] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\lsm.exe[764] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\lsm.exe[764] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[764] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\system32\lsm.exe[764] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[764] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\lsm.exe[764] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\lsm.exe[764] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\lsm.exe[764] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[764] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\lsm.exe[764] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\lsm.exe[764] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\lsm.exe[764] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\lsm.exe[764] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\lsm.exe[764] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\system32\lsm.exe[764] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\system32\lsm.exe[764] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\system32\lsm.exe[764] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\lsm.exe[764] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\lsm.exe[764] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\lsm.exe[764] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\lsm.exe[764] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe[948] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Windows\system32\svchost.exe[976] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\svchost.exe[976] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[976] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [71, 71] {JNO 0x73} .text C:\Windows\system32\svchost.exe[976] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[976] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[976] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 717E000A .text C:\Windows\system32\svchost.exe[976] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\svchost.exe[976] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\svchost.exe[976] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[976] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7184000A .text C:\Windows\system32\svchost.exe[976] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7181000A .text C:\Windows\system32\svchost.exe[976] RPCRT4.dll!RpcServerRegisterIfEx 771578BC 6 Bytes JMP 7199000A .text C:\Windows\system32\svchost.exe[976] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717B000A .text C:\Windows\system32\svchost.exe[976] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7178000A .text C:\Windows\system32\svchost.exe[976] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7175000A .text C:\Windows\system32\svchost.exe[976] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 718D000A .text C:\Windows\system32\svchost.exe[976] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7193000A .text C:\Windows\system32\svchost.exe[976] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7196000A .text C:\Windows\system32\svchost.exe[976] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7190000A .text C:\Windows\system32\svchost.exe[976] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\svchost.exe[988] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\svchost.exe[988] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\svchost.exe[988] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\svchost.exe[988] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[988] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\svchost.exe[988] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\system32\svchost.exe[988] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\system32\svchost.exe[988] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\system32\svchost.exe[988] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\svchost.exe[988] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\svchost.exe[988] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\svchost.exe[988] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\svchost.exe[988] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\svchost.exe[988] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 716F000A .text C:\Windows\system32\svchost.exe[988] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7172000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] KERNEL32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] KERNEL32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] KERNEL32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] KERNEL32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] KERNEL32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] KERNEL32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] KERNEL32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] KERNEL32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] shell32.dll!SHFileOperationW 764168E8 6 Bytes JMP 716F000A .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1024] shell32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7172000A .text C:\Windows\system32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\svchost.exe[1072] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1072] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [71, 71] {JNO 0x73} .text C:\Windows\system32\svchost.exe[1072] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1072] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[1072] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 717E000A .text C:\Windows\system32\svchost.exe[1072] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[1072] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1072] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\svchost.exe[1072] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\svchost.exe[1072] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[1072] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7184000A .text C:\Windows\system32\svchost.exe[1072] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7181000A .text C:\Windows\system32\svchost.exe[1072] RPCRT4.dll!RpcServerRegisterIfEx 771578BC 6 Bytes JMP 7199000A .text C:\Windows\system32\svchost.exe[1072] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717B000A .text C:\Windows\system32\svchost.exe[1072] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7178000A .text C:\Windows\system32\svchost.exe[1072] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7175000A .text C:\Windows\system32\svchost.exe[1072] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 718D000A .text C:\Windows\system32\svchost.exe[1072] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7193000A .text C:\Windows\system32\svchost.exe[1072] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7196000A .text C:\Windows\system32\svchost.exe[1072] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7190000A .text C:\Windows\system32\svchost.exe[1072] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\svchost.exe[1072] rpcss.dll!WhichService 72833F84 8 Bytes CALL 5B136FFE .text C:\Windows\system32\PnkBstrA.exe[1080] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\PnkBstrA.exe[1080] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[1080] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Windows\system32\PnkBstrA.exe[1080] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[1080] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\PnkBstrA.exe[1080] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\PnkBstrA.exe[1080] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\PnkBstrA.exe[1080] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[1080] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\PnkBstrA.exe[1080] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\PnkBstrA.exe[1080] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\PnkBstrA.exe[1080] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\PnkBstrA.exe[1080] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\PnkBstrA.exe[1080] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Windows\system32\PnkBstrA.exe[1080] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Windows\system32\PnkBstrA.exe[1080] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Windows\system32\PnkBstrA.exe[1080] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\PnkBstrA.exe[1080] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\PnkBstrA.exe[1080] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\PnkBstrA.exe[1080] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\PnkBstrA.exe[1080] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Windows\system32\PnkBstrA.exe[1080] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Windows\system32\PnkBstrA.exe[1080] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1160] ntdll.dll!NtAllocateVirtualMemory 77CA3F20 5 Bytes JMP 0089E6A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1160] ntdll.dll!NtCreateFile 77CA41C0 5 Bytes JMP 009476C0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1160] ntdll.dll!NtOpenFile 77CA49A0 5 Bytes JMP 009475D0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\Internet Explorer\iexplore.exe[1176] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Internet Explorer\iexplore.exe[1176] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Internet Explorer\iexplore.exe[1176] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\Internet Explorer\iexplore.exe[1176] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Internet Explorer\iexplore.exe[1176] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Internet Explorer\iexplore.exe[1176] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\Internet Explorer\iexplore.exe[1176] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\Internet Explorer\iexplore.exe[1176] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Internet Explorer\iexplore.exe[1176] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Internet Explorer\iexplore.exe[1176] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Internet Explorer\iexplore.exe[1176] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\Internet Explorer\iexplore.exe[1176] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\Internet Explorer\iexplore.exe[1176] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!EnableWindow 77A3CD8B 5 Bytes JMP 6A0AA1D4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!DialogBoxParamW 77A610B0 5 Bytes JMP 6A001883 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!DialogBoxIndirectParamW 77A62EF5 5 Bytes JMP 6A1FED66 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!DialogBoxParamA 77A78152 5 Bytes JMP 6A1FED01 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!DialogBoxIndirectParamA 77A7847D 5 Bytes JMP 6A1FEDCB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!MessageBoxIndirectA 77A8D4D9 5 Bytes JMP 6A1FEC88 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!MessageBoxIndirectW 77A8D5D3 5 Bytes JMP 6A1FEC0F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!MessageBoxExA 77A8D639 5 Bytes JMP 6A1FEBAB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!MessageBoxExW 77A8D65D 5 Bytes JMP 6A1FEB47 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1176] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\Internet Explorer\iexplore.exe[1176] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Internet Explorer\iexplore.exe[1176] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Internet Explorer\iexplore.exe[1176] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Internet Explorer\iexplore.exe[1176] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\Internet Explorer\iexplore.exe[1176] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Program Files\Internet Explorer\iexplore.exe[1176] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[1220] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\svchost.exe[1220] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[1220] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1220] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\svchost.exe[1220] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\svchost.exe[1220] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\svchost.exe[1220] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[1220] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\system32\svchost.exe[1220] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\svchost.exe[1220] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\svchost.exe[1220] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\svchost.exe[1220] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\svchost.exe[1220] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\svchost.exe[1224] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\svchost.exe[1224] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\svchost.exe[1224] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[1224] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\system32\svchost.exe[1224] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\system32\svchost.exe[1224] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\svchost.exe[1224] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\svchost.exe[1224] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\svchost.exe[1224] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\svchost.exe[1224] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\svchost.exe[1224] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 716F000A .text C:\Windows\system32\svchost.exe[1224] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7172000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1248] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Windows\System32\svchost.exe[1280] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\System32\svchost.exe[1280] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1280] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\System32\svchost.exe[1280] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1280] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\System32\svchost.exe[1280] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\System32\svchost.exe[1280] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\System32\svchost.exe[1280] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1280] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\System32\svchost.exe[1280] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\System32\svchost.exe[1280] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\System32\svchost.exe[1280] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\System32\svchost.exe[1280] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\System32\svchost.exe[1280] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\System32\svchost.exe[1280] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\System32\svchost.exe[1280] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\System32\svchost.exe[1280] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\System32\svchost.exe[1280] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\System32\svchost.exe[1280] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\System32\svchost.exe[1280] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\System32\svchost.exe[1280] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\System32\svchost.exe[1280] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 716F000A .text C:\Windows\System32\svchost.exe[1280] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7172000A .text C:\Windows\System32\svchost.exe[1336] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\System32\svchost.exe[1336] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1336] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [71, 71] {JNO 0x73} .text C:\Windows\System32\svchost.exe[1336] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1336] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\System32\svchost.exe[1336] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 717E000A .text C:\Windows\System32\svchost.exe[1336] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 7187000A .text C:\Windows\System32\svchost.exe[1336] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1336] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\System32\svchost.exe[1336] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\System32\svchost.exe[1336] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718A000A .text C:\Windows\System32\svchost.exe[1336] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7184000A .text C:\Windows\System32\svchost.exe[1336] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7181000A .text C:\Windows\System32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717B000A .text C:\Windows\System32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7178000A .text C:\Windows\System32\svchost.exe[1336] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7175000A .text C:\Windows\System32\svchost.exe[1336] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 718D000A .text C:\Windows\System32\svchost.exe[1336] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\System32\svchost.exe[1336] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\System32\svchost.exe[1336] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\System32\svchost.exe[1336] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\System32\svchost.exe[1372] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\System32\svchost.exe[1372] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1372] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [71, 71] {JNO 0x73} .text C:\Windows\System32\svchost.exe[1372] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1372] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\System32\svchost.exe[1372] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\System32\svchost.exe[1372] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\System32\svchost.exe[1372] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1372] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\System32\svchost.exe[1372] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\System32\svchost.exe[1372] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\System32\svchost.exe[1372] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\System32\svchost.exe[1372] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\System32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717B000A .text C:\Windows\System32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7178000A .text C:\Windows\System32\svchost.exe[1372] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7175000A .text C:\Windows\System32\svchost.exe[1372] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\System32\svchost.exe[1372] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\System32\svchost.exe[1372] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\System32\svchost.exe[1372] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\System32\svchost.exe[1372] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\System32\svchost.exe[1372] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 716F000A .text C:\Windows\System32\svchost.exe[1372] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7180000A .text C:\Windows\system32\svchost.exe[1380] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\svchost.exe[1380] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1380] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\system32\svchost.exe[1380] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1380] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[1380] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\svchost.exe[1380] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[1380] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1380] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\svchost.exe[1380] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\svchost.exe[1380] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\svchost.exe[1380] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[1380] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\system32\svchost.exe[1380] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\system32\svchost.exe[1380] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\svchost.exe[1380] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\svchost.exe[1380] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\svchost.exe[1380] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\svchost.exe[1380] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\svchost.exe[1404] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\svchost.exe[1404] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1404] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Windows\system32\svchost.exe[1404] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1404] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 717E000A .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7184000A .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7181000A .text C:\Windows\system32\svchost.exe[1404] RPCRT4.dll!RpcServerRegisterIfEx 771578BC 6 Bytes JMP 7199000A .text C:\Windows\system32\svchost.exe[1404] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717B000A .text C:\Windows\system32\svchost.exe[1404] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Windows\system32\svchost.exe[1404] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Windows\system32\svchost.exe[1404] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 718D000A .text C:\Windows\system32\svchost.exe[1404] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7193000A .text C:\Windows\system32\svchost.exe[1404] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7196000A .text C:\Windows\system32\svchost.exe[1404] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7190000A .text C:\Windows\system32\svchost.exe[1404] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\svchost.exe[1404] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 7169000A .text C:\Windows\system32\svchost.exe[1404] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 716C000A .text C:\Windows\system32\igfxsrvc.exe[1456] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\igfxsrvc.exe[1456] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\igfxsrvc.exe[1456] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\system32\igfxsrvc.exe[1456] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\igfxsrvc.exe[1456] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\igfxsrvc.exe[1456] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\igfxsrvc.exe[1456] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\igfxsrvc.exe[1456] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\igfxsrvc.exe[1456] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\igfxsrvc.exe[1456] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\igfxsrvc.exe[1456] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\igfxsrvc.exe[1456] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\igfxsrvc.exe[1456] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\igfxsrvc.exe[1456] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\system32\igfxsrvc.exe[1456] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\system32\igfxsrvc.exe[1456] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\system32\igfxsrvc.exe[1456] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\igfxsrvc.exe[1456] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\igfxsrvc.exe[1456] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\igfxsrvc.exe[1456] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\igfxsrvc.exe[1456] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\AUDIODG.EXE[1476] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A7001E .text C:\Windows\system32\AUDIODG.EXE[1476] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\AUDIODG.EXE[1476] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [71, 71] {JNO 0x73} .text C:\Windows\system32\AUDIODG.EXE[1476] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\AUDIODG.EXE[1476] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\AUDIODG.EXE[1476] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7180001E .text C:\Windows\system32\AUDIODG.EXE[1476] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 7189001E .text C:\Windows\system32\AUDIODG.EXE[1476] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\AUDIODG.EXE[1476] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\AUDIODG.EXE[1476] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\AUDIODG.EXE[1476] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718C001E .text C:\Windows\system32\AUDIODG.EXE[1476] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7186001E .text C:\Windows\system32\AUDIODG.EXE[1476] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7183001E .text C:\Windows\system32\AUDIODG.EXE[1476] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719B001E .text C:\Windows\system32\AUDIODG.EXE[1476] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 718F001E .text C:\Windows\system32\AUDIODG.EXE[1476] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7195001E .text C:\Windows\system32\AUDIODG.EXE[1476] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7198001E .text C:\Windows\system32\AUDIODG.EXE[1476] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7192001E .text C:\Windows\system32\AUDIODG.EXE[1476] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717A001E .text C:\Windows\system32\AUDIODG.EXE[1476] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7177001E .text C:\Windows\system32\AUDIODG.EXE[1476] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7174001E .text C:\Windows\system32\svchost.exe[1500] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\svchost.exe[1500] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1500] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [71, 71] {JNO 0x73} .text C:\Windows\system32\svchost.exe[1500] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1500] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\svchost.exe[1500] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\system32\svchost.exe[1500] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\system32\svchost.exe[1500] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\system32\svchost.exe[1500] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\svchost.exe[1500] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\svchost.exe[1500] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\svchost.exe[1500] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\svchost.exe[1500] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\svchost.exe[1564] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\svchost.exe[1564] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\system32\svchost.exe[1564] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\system32\svchost.exe[1564] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\system32\svchost.exe[1564] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\svchost.exe[1564] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\svchost.exe[1564] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\svchost.exe[1564] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\svchost.exe[1564] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\svchost.exe[1564] shell32.dll!SHFileOperationW 764168E8 6 Bytes JMP 716F000A .text C:\Windows\system32\svchost.exe[1564] shell32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7172000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] KERNEL32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] KERNEL32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] KERNEL32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] KERNEL32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] KERNEL32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] KERNEL32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] KERNEL32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] KERNEL32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] shell32.dll!SHFileOperationW 764168E8 6 Bytes JMP 716F000A .text C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[1616] shell32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7172000A .text C:\Windows\System32\igfxtray.exe[1840] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\System32\igfxtray.exe[1840] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxtray.exe[1840] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Windows\System32\igfxtray.exe[1840] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxtray.exe[1840] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\System32\igfxtray.exe[1840] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\System32\igfxtray.exe[1840] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\System32\igfxtray.exe[1840] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxtray.exe[1840] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\System32\igfxtray.exe[1840] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\System32\igfxtray.exe[1840] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\System32\igfxtray.exe[1840] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\System32\igfxtray.exe[1840] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\System32\igfxtray.exe[1840] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Windows\System32\igfxtray.exe[1840] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Windows\System32\igfxtray.exe[1840] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Windows\System32\igfxtray.exe[1840] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\System32\igfxtray.exe[1840] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\System32\igfxtray.exe[1840] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\System32\igfxtray.exe[1840] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\System32\igfxtray.exe[1840] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\System32\igfxtray.exe[1840] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Windows\System32\igfxtray.exe[1840] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1848] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\System32\spoolsv.exe[1956] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\System32\spoolsv.exe[1956] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1956] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\System32\spoolsv.exe[1956] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1956] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\System32\spoolsv.exe[1956] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\System32\spoolsv.exe[1956] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\System32\spoolsv.exe[1956] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1956] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\System32\spoolsv.exe[1956] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\System32\spoolsv.exe[1956] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\System32\spoolsv.exe[1956] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\System32\spoolsv.exe[1956] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\System32\spoolsv.exe[1956] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\System32\spoolsv.exe[1956] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\System32\spoolsv.exe[1956] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\System32\spoolsv.exe[1956] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\System32\spoolsv.exe[1956] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\System32\spoolsv.exe[1956] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\System32\spoolsv.exe[1956] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\System32\spoolsv.exe[1956] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\System32\spoolsv.exe[1956] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 716F000A .text C:\Windows\System32\spoolsv.exe[1956] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7172000A .text C:\Windows\system32\svchost.exe[1984] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\svchost.exe[1984] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1984] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [71, 71] {JNO 0x73} .text C:\Windows\system32\svchost.exe[1984] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1984] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 717E000A .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7184000A .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7181000A .text C:\Windows\system32\svchost.exe[1984] RPCRT4.dll!RpcServerRegisterIfEx 771578BC 6 Bytes JMP 7199000A .text C:\Windows\system32\svchost.exe[1984] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717B000A .text C:\Windows\system32\svchost.exe[1984] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7178000A .text C:\Windows\system32\svchost.exe[1984] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7175000A .text C:\Windows\system32\svchost.exe[1984] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 718D000A .text C:\Windows\system32\svchost.exe[1984] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7193000A .text C:\Windows\system32\svchost.exe[1984] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7196000A .text C:\Windows\system32\svchost.exe[1984] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7190000A .text C:\Windows\system32\svchost.exe[1984] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\svchost.exe[1984] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 716C000A .text C:\Windows\system32\svchost.exe[1984] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 716F000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Defender\MSASCui.exe[2084] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [69, 71] .text C:\Program Files\Windows Defender\MSASCui.exe[2084] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Defender\MSASCui.exe[2084] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Windows Defender\MSASCui.exe[2084] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 717C000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 7185000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Defender\MSASCui.exe[2084] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Windows Defender\MSASCui.exe[2084] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 7188000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7182000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 717F000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 718B000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7191000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 718E000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7173000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7170000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 716D000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 7176000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7179000A .text C:\Program Files\Windows Defender\MSASCui.exe[2084] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] KERNEL32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] KERNEL32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] KERNEL32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] KERNEL32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] KERNEL32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] KERNEL32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] KERNEL32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] KERNEL32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] shell32.dll!SHFileOperationW 764168E8 6 Bytes JMP 716F000A .text C:\Program Files\Toshiba TEMPRO\TempoSVC.exe[2104] shell32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7172000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2204] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\conime.exe[2216] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\conime.exe[2216] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[2216] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\system32\conime.exe[2216] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[2216] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\conime.exe[2216] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\conime.exe[2216] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\conime.exe[2216] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[2216] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\conime.exe[2216] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\conime.exe[2216] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\conime.exe[2216] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\conime.exe[2216] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\conime.exe[2216] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\conime.exe[2216] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\conime.exe[2216] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\conime.exe[2216] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\conime.exe[2216] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\system32\conime.exe[2216] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\system32\conime.exe[2216] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\system32\conime.exe[2216] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2228] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] KERNEL32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] KERNEL32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] KERNEL32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] KERNEL32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] KERNEL32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] KERNEL32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] KERNEL32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] KERNEL32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] shell32.dll!SHFileOperationW 764168E8 6 Bytes JMP 716F000A .text C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe[2252] shell32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7172000A .text C:\Windows\system32\TODDSrv.exe[2268] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\TODDSrv.exe[2268] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\TODDSrv.exe[2268] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\system32\TODDSrv.exe[2268] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\TODDSrv.exe[2268] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\TODDSrv.exe[2268] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\TODDSrv.exe[2268] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\TODDSrv.exe[2268] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\TODDSrv.exe[2268] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\TODDSrv.exe[2268] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\TODDSrv.exe[2268] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\TODDSrv.exe[2268] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\TODDSrv.exe[2268] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\TODDSrv.exe[2268] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\system32\TODDSrv.exe[2268] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\system32\TODDSrv.exe[2268] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\system32\TODDSrv.exe[2268] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\TODDSrv.exe[2268] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\TODDSrv.exe[2268] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\TODDSrv.exe[2268] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\TODDSrv.exe[2268] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2292] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2356] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2384] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\System32\svchost.exe[2404] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\System32\svchost.exe[2404] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2404] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\System32\svchost.exe[2404] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2404] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\System32\svchost.exe[2404] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\System32\svchost.exe[2404] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\System32\svchost.exe[2404] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2404] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\System32\svchost.exe[2404] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\System32\svchost.exe[2404] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\System32\svchost.exe[2404] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\System32\svchost.exe[2404] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\System32\svchost.exe[2404] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\System32\svchost.exe[2404] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\System32\svchost.exe[2404] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\System32\svchost.exe[2404] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\System32\svchost.exe[2404] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\System32\svchost.exe[2404] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\System32\svchost.exe[2404] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\System32\svchost.exe[2404] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\System32\svchost.exe[2404] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 716F000A .text C:\Windows\System32\svchost.exe[2404] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7172000A .text C:\Windows\system32\SearchIndexer.exe[2432] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 719C000A .text C:\Windows\system32\SearchIndexer.exe[2432] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2432] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [62, 71] .text C:\Windows\system32\SearchIndexer.exe[2432] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2432] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\SearchIndexer.exe[2432] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7175000A .text C:\Windows\system32\SearchIndexer.exe[2432] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 717E000A .text C:\Windows\system32\SearchIndexer.exe[2432] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2432] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [92, 71] .text C:\Windows\system32\SearchIndexer.exe[2432] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\SearchIndexer.exe[2432] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 7181000A .text C:\Windows\system32\SearchIndexer.exe[2432] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 717B000A .text C:\Windows\system32\SearchIndexer.exe[2432] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7178000A .text C:\Windows\system32\SearchIndexer.exe[2432] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 716C000A .text C:\Windows\system32\SearchIndexer.exe[2432] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7169000A .text C:\Windows\system32\SearchIndexer.exe[2432] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7166000A .text C:\Windows\system32\SearchIndexer.exe[2432] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7184000A .text C:\Windows\system32\SearchIndexer.exe[2432] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 718A000A .text C:\Windows\system32\SearchIndexer.exe[2432] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 718D000A .text C:\Windows\system32\SearchIndexer.exe[2432] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7187000A .text C:\Windows\system32\SearchIndexer.exe[2432] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 7190000A .text C:\Windows\system32\SearchIndexer.exe[2432] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 716F000A .text C:\Windows\system32\SearchIndexer.exe[2432] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7172000A .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [73, 71] {JAE 0x73} .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\system32\DRIVERS\xaudio.exe[2472] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7177000A .text C:\Windows\system32\taskeng.exe[2680] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\taskeng.exe[2680] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[2680] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Windows\system32\taskeng.exe[2680] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[2680] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\taskeng.exe[2680] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\taskeng.exe[2680] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\taskeng.exe[2680] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[2680] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\taskeng.exe[2680] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\taskeng.exe[2680] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\taskeng.exe[2680] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\taskeng.exe[2680] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\taskeng.exe[2680] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Windows\system32\taskeng.exe[2680] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Windows\system32\taskeng.exe[2680] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Windows\system32\taskeng.exe[2680] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\taskeng.exe[2680] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\taskeng.exe[2680] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\taskeng.exe[2680] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\taskeng.exe[2680] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Windows\system32\taskeng.exe[2680] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Windows\system32\taskeng.exe[2680] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\taskeng.exe[2688] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\taskeng.exe[2688] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\taskeng.exe[2688] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[2688] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\taskeng.exe[2688] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\taskeng.exe[2688] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\taskeng.exe[2688] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\taskeng.exe[2688] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\taskeng.exe[2688] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Windows\system32\taskeng.exe[2688] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Windows\system32\taskeng.exe[2688] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Windows\system32\taskeng.exe[2688] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\taskeng.exe[2688] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\taskeng.exe[2688] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\taskeng.exe[2688] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\taskeng.exe[2688] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Windows\system32\taskeng.exe[2688] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Windows\system32\taskeng.exe[2688] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Windows\System32\hkcmd.exe[2840] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\System32\hkcmd.exe[2840] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\hkcmd.exe[2840] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Windows\System32\hkcmd.exe[2840] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\hkcmd.exe[2840] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\System32\hkcmd.exe[2840] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\System32\hkcmd.exe[2840] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\System32\hkcmd.exe[2840] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\hkcmd.exe[2840] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\System32\hkcmd.exe[2840] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\System32\hkcmd.exe[2840] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\System32\hkcmd.exe[2840] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\System32\hkcmd.exe[2840] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\System32\hkcmd.exe[2840] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Windows\System32\hkcmd.exe[2840] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Windows\System32\hkcmd.exe[2840] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Windows\System32\hkcmd.exe[2840] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\System32\hkcmd.exe[2840] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\System32\hkcmd.exe[2840] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\System32\hkcmd.exe[2840] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\System32\hkcmd.exe[2840] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\System32\hkcmd.exe[2840] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Windows\System32\hkcmd.exe[2840] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[2964] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 7136000A .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtAlpcConnectPort 77CA3F50 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtAlpcConnectPort + 4 77CA3F54 2 Bytes [80, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtAlpcCreatePort 77CA3F60 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtAlpcCreatePort + 4 77CA3F64 2 Bytes [83, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [7D, 71] {JGE 0x73} .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [38, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtConnectPort 77CA4160 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtConnectPort + 4 77CA4164 2 Bytes [56, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreateEvent 77CA41A0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreateEvent + 4 77CA41A4 2 Bytes [6E, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreateEventPair 77CA41B0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreateEventPair + 4 77CA41B4 2 Bytes [68, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreateFile 77CA41C0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreateFile + 4 77CA41C4 2 Bytes [47, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreateMutant 77CA4230 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreateMutant + 4 77CA4234 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreateNamedPipeFile 77CA4240 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreateNamedPipeFile + 4 77CA4244 2 Bytes [4A, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreatePort 77CA4270 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreatePort + 4 77CA4274 2 Bytes [5C, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreateSection 77CA42B0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreateSection + 4 77CA42B4 2 Bytes [50, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreateSemaphore 77CA42C0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreateSemaphore + 4 77CA42C4 2 Bytes [62, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreateWaitablePort 77CA4530 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtCreateWaitablePort + 4 77CA4534 2 Bytes [53, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtFsControlFile 77CA4760 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtFsControlFile + 4 77CA4764 2 Bytes [3E, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtOpenEvent 77CA4980 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtOpenEvent + 4 77CA4984 2 Bytes [6B, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtOpenEventPair 77CA4990 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtOpenEventPair + 4 77CA4994 2 Bytes [65, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtOpenFile 77CA49A0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtOpenFile + 4 77CA49A4 2 Bytes [44, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtOpenMutant 77CA49F0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtOpenMutant + 4 77CA49F4 2 Bytes [71, 71] {JNO 0x73} .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtOpenSection 77CA4A50 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtOpenSection + 4 77CA4A54 2 Bytes [4D, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtOpenSemaphore 77CA4A60 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtOpenSemaphore + 4 77CA4A64 2 Bytes [5F, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtQueryVirtualMemory 77CA4DD0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtQueryVirtualMemory + 4 77CA4DD4 2 Bytes [41, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtReplyPort 77CA4EE0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtReplyPort + 4 77CA4EE4 2 Bytes [77, 71] {JA 0x73} .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtRequestWaitReplyPort 77CA4F40 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtRequestWaitReplyPort + 4 77CA4F44 2 Bytes [7A, 71] {JP 0x73} .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtSecureConnectPort 77CA4FE0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtSecureConnectPort + 4 77CA4FE4 2 Bytes [59, 71] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtSetSystemTime 77CA51F0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!NtSetSystemTime + 4 77CA51F4 2 Bytes [3B, 71] .text C:\Windows\system32\svchost.exe[3056] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 70B1000A .text C:\Windows\system32\svchost.exe[3056] kernel32.dll!GetPrivateProfileStringA 77961F91 6 Bytes JMP 71A8000A .text C:\Windows\system32\svchost.exe[3056] kernel32.dll!GetPrivateProfileStringW 77968BCC 6 Bytes JMP 71AB000A .text C:\Windows\system32\svchost.exe[3056] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 70BA000A .text C:\Windows\system32\svchost.exe[3056] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [D1, 70] .text C:\Windows\system32\svchost.exe[3056] kernel32.dll!LoadLibraryExW 77979374 6 Bytes JMP 70D8000A .text C:\Windows\system32\svchost.exe[3056] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AF000A .text C:\Windows\system32\svchost.exe[3056] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 70BD000A .text C:\Windows\system32\svchost.exe[3056] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 70B7000A .text C:\Windows\system32\svchost.exe[3056] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 70B4000A .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!StartServiceCtrlDispatcherA 772C2036 6 Bytes JMP 719F000A .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!RegisterServiceCtrlHandlerA 772C308C 6 Bytes JMP 7196000A .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!RegisterServiceCtrlHandlerExA 772C6678 6 Bytes JMP 7199000A .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!StartServiceCtrlDispatcherW 772CE47D 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!StartServiceCtrlDispatcherW + 4 772CE481 2 Bytes [A1, 71] .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!RegisterServiceCtrlHandlerW 772CE970 6 Bytes JMP 7193000A .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!SetServiceStatus 772CF1F4 6 Bytes JMP 7190000A .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!RegisterServiceCtrlHandlerExW 772CFB41 6 Bytes JMP 719C000A .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!NotifyServiceStatusChange 772D4A6A 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!RegOpenKeyExW 77307B71 6 Bytes JMP 718D000A .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!NotifyServiceStatusChangeA 7730B9FE 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[3056] RPCRT4.dll!RpcServerRegisterIfEx 771578BC 6 Bytes JMP 70CC000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!RegisterClassExA 77A361E1 6 Bytes JMP 7124000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7099000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!GetClassNameA 77A36853 6 Bytes JMP 710C000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!CreateDialogIndirectParamAorW 77A37266 6 Bytes JMP 7103000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!CreateDialogParamW 77A372A2 6 Bytes JMP 7100000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!EnumDesktopWindows 77A37525 6 Bytes JMP 70DC000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7096000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!FindWindowA 77A39D76 6 Bytes JMP 70E8000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7093000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!SetLayeredWindowAttributes 77A3BDB9 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] USER32.dll!SetLayeredWindowAttributes + 4 77A3BDBD 2 Bytes [AD, 70] .text C:\Windows\system32\svchost.exe[3056] USER32.dll!UnregisterClassA 77A3BF81 6 Bytes JMP 711E000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!RegisterClassExW 77A3DA30 6 Bytes JMP 7127000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!CreateWindowExA 77A3DC2A 6 Bytes JMP 7106000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!RegisterClassA 77A3DF42 6 Bytes JMP 712A000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!RegisterClassW 77A3E1AB 6 Bytes JMP 712D000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!GetClassInfoExA 77A3E7EB 6 Bytes JMP 7118000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!GetClassInfoA 77A3E97E 6 Bytes JMP 7112000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!GetClassNameW 77A3EF2B 6 Bytes JMP 710F000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!EnumThreadWindows 77A3F3A8 6 Bytes JMP 70E2000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!FindWindowExA 77A3F6C1 6 Bytes JMP 70EE000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!EnumChildWindows 77A3F9EE 6 Bytes JMP 70DF000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!CreateWindowExW 77A41305 6 Bytes JMP 7109000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!GetShellWindow 77A42032 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[3056] USER32.dll!GetShellWindow + 4 77A42036 2 Bytes [A4, 71] .text C:\Windows\system32\svchost.exe[3056] USER32.dll!GetClassInfoExW 77A47DA7 6 Bytes JMP 711B000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!GetClassInfoW 77A47F13 6 Bytes JMP 7115000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!UnregisterClassW 77A47FDE 6 Bytes JMP 7121000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!EnumWindows 77A482FE 6 Bytes JMP 70E5000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!FindWindowW 77A4A441 6 Bytes JMP 70EB000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!CreateDialogParamA 77A517AA 6 Bytes JMP 70FD000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!CreateDialogIndirectParamA 77A526F1 6 Bytes JMP 70A6000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!CreateDialogIndirectParamW 77A59A62 6 Bytes JMP 70A9000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!DialogBoxParamW 77A610B0 6 Bytes JMP 70FA000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!FindWindowExW 77A6260C 6 Bytes JMP 70F1000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!DialogBoxIndirectParamAorW 77A62EB6 6 Bytes JMP 70F4000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!DialogBoxIndirectParamW 77A62EF5 6 Bytes JMP 70A1000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!DialogBoxParamA 77A78152 6 Bytes JMP 70F7000A .text C:\Windows\system32\svchost.exe[3056] USER32.dll!DialogBoxIndirectParamA 77A7847D 6 Bytes JMP 709E000A .text C:\Windows\system32\svchost.exe[3056] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 70C0000A .text C:\Windows\system32\svchost.exe[3056] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 70C6000A .text C:\Windows\system32\svchost.exe[3056] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 70C9000A .text C:\Windows\system32\svchost.exe[3056] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 70C3000A .text C:\Windows\system32\svchost.exe[3056] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 70CF000A .text C:\Windows\RtHDVCpl.exe[3068] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 719C000A .text C:\Windows\RtHDVCpl.exe[3068] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\RtHDVCpl.exe[3068] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [5C, 71] .text C:\Windows\RtHDVCpl.exe[3068] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\RtHDVCpl.exe[3068] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\RtHDVCpl.exe[3068] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 716F000A .text C:\Windows\RtHDVCpl.exe[3068] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 7178000A .text C:\Windows\RtHDVCpl.exe[3068] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\RtHDVCpl.exe[3068] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [92, 71] .text C:\Windows\RtHDVCpl.exe[3068] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\RtHDVCpl.exe[3068] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 717B000A .text C:\Windows\RtHDVCpl.exe[3068] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7175000A .text C:\Windows\RtHDVCpl.exe[3068] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7172000A .text C:\Windows\RtHDVCpl.exe[3068] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 717E000A .text C:\Windows\RtHDVCpl.exe[3068] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 718A000A .text C:\Windows\RtHDVCpl.exe[3068] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 718D000A .text C:\Windows\RtHDVCpl.exe[3068] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7187000A .text C:\Windows\RtHDVCpl.exe[3068] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7166000A .text C:\Windows\RtHDVCpl.exe[3068] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7163000A .text C:\Windows\RtHDVCpl.exe[3068] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7160000A .text C:\Windows\RtHDVCpl.exe[3068] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 7190000A .text C:\Windows\RtHDVCpl.exe[3068] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 7169000A .text C:\Windows\RtHDVCpl.exe[3068] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 716C000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3136] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe[3212] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Windows\System32\igfxpers.exe[3428] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\System32\igfxpers.exe[3428] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxpers.exe[3428] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Windows\System32\igfxpers.exe[3428] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxpers.exe[3428] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\System32\igfxpers.exe[3428] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\System32\igfxpers.exe[3428] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\System32\igfxpers.exe[3428] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxpers.exe[3428] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\System32\igfxpers.exe[3428] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\System32\igfxpers.exe[3428] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\System32\igfxpers.exe[3428] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\System32\igfxpers.exe[3428] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\System32\igfxpers.exe[3428] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Windows\System32\igfxpers.exe[3428] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Windows\System32\igfxpers.exe[3428] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Windows\System32\igfxpers.exe[3428] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\System32\igfxpers.exe[3428] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\System32\igfxpers.exe[3428] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\System32\igfxpers.exe[3428] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\System32\igfxpers.exe[3428] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Windows\System32\igfxpers.exe[3428] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Windows\System32\igfxpers.exe[3428] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[3588] ntdll.dll!NtAllocateVirtualMemory 77CA3F20 5 Bytes JMP 00192960 C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[3588] ntdll.dll!NtCreateFile 77CA41C0 5 Bytes JMP 00192710 C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[3588] ntdll.dll!NtOpenFile 77CA49A0 5 Bytes JMP 00192620 C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4140] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Program Files\Internet Explorer\iexplore.exe[4180] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Internet Explorer\iexplore.exe[4180] ntdll.dll!RtlExitUserThread 77C81C8F 5 Bytes JMP 6A1FF3B4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Internet Explorer\iexplore.exe[4180] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\Internet Explorer\iexplore.exe[4180] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Internet Explorer\iexplore.exe[4180] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Internet Explorer\iexplore.exe[4180] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\Internet Explorer\iexplore.exe[4180] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\Internet Explorer\iexplore.exe[4180] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Internet Explorer\iexplore.exe[4180] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Internet Explorer\iexplore.exe[4180] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Internet Explorer\iexplore.exe[4180] kernel32.dll!TerminateThread 779944DB 5 Bytes JMP 6A1FF3CD C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] kernel32.dll!CreateThread 7799CBEE 5 Bytes JMP 6A067453 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\Internet Explorer\iexplore.exe[4180] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\Internet Explorer\iexplore.exe[4180] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!CreateDialogParamW 77A372A2 5 Bytes JMP 6A1FF0D0 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!GetAsyncKeyState 77A3863C 5 Bytes JMP 6A04DE25 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 6A0A28B4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!CallNextHookEx 77A38E3B 5 Bytes JMP 6A0C7BF7 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!UnhookWindowsHookEx 77A398DB 5 Bytes JMP 6A0EE164 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!EnableWindow 77A3CD8B 5 Bytes JMP 6A0AA1D4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!DefWindowProcA 77A3DB88 7 Bytes JMP 6A069685 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!CreateWindowExA 77A3DC2A 5 Bytes JMP 6A07349B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!CreateWindowExW 77A41305 5 Bytes JMP 6A0CFF83 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!GetKeyState 77A48CB1 5 Bytes JMP 6A04DCFF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!DefWindowProcW 77A503B4 7 Bytes JMP 6A0C7C5A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!IsDialogMessageW 77A50745 5 Bytes JMP 6A1FF886 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!CreateDialogParamA 77A517AA 5 Bytes JMP 6A1FF098 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!IsDialogMessage 77A51847 5 Bytes JMP 6A1FF85E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!CreateDialogIndirectParamA 77A526F1 5 Bytes JMP 6A1FF108 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!CreateDialogIndirectParamW 77A59A62 5 Bytes JMP 6A1FF140 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!SetKeyboardState 77A60987 5 Bytes JMP 6A20014D C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!DialogBoxParamW 77A610B0 5 Bytes JMP 6A001883 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!DialogBoxIndirectParamW 77A62EF5 5 Bytes JMP 6A1FED66 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!SendInput 77A62F75 5 Bytes JMP 6A2000F5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!EndDialog 77A6326E 5 Bytes JMP 6A1FFB32 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!SetCursorPos 77A76FB2 5 Bytes JMP 6A2001CE C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!DialogBoxParamA 77A78152 5 Bytes JMP 6A1FED01 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!DialogBoxIndirectParamA 77A7847D 5 Bytes JMP 6A1FEDCB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!MessageBoxIndirectA 77A8D4D9 5 Bytes JMP 6A1FEC88 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!MessageBoxIndirectW 77A8D5D3 5 Bytes JMP 6A1FEC0F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!MessageBoxExA 77A8D639 5 Bytes JMP 6A1FEBAB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!MessageBoxExW 77A8D65D 5 Bytes JMP 6A1FEB47 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] USER32.dll!keybd_event 77A8D972 5 Bytes JMP 6A2000B2 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\Internet Explorer\iexplore.exe[4180] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Internet Explorer\iexplore.exe[4180] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Internet Explorer\iexplore.exe[4180] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Internet Explorer\iexplore.exe[4180] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\Internet Explorer\iexplore.exe[4180] SHELL32.dll!SHRestricted + D95 76458918 4 Bytes [CF, 01, DE, 67] .text C:\Program Files\Internet Explorer\iexplore.exe[4180] SHELL32.dll!SHRestricted + D9D 76458920 8 Bytes [E0, 61, DD, 67, 79, F7, DD, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[4180] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Program Files\Internet Explorer\iexplore.exe[4180] ole32.dll!OleLoadFromStream 77431E78 5 Bytes JMP 6A1FF590 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4180] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4204] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [68, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 717B000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 7184000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 7187000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7181000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 717E000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 718A000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7172000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 716F000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 716C000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 7175000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4284] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7178000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[4316] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\ehome\ehtray.exe[4336] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\ehome\ehtray.exe[4336] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[4336] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Windows\ehome\ehtray.exe[4336] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[4336] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\ehome\ehtray.exe[4336] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\ehome\ehtray.exe[4336] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\ehome\ehtray.exe[4336] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[4336] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\ehome\ehtray.exe[4336] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\ehome\ehtray.exe[4336] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\ehome\ehtray.exe[4336] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\ehome\ehtray.exe[4336] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\ehome\ehtray.exe[4336] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Windows\ehome\ehtray.exe[4336] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Windows\ehome\ehtray.exe[4336] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Windows\ehome\ehtray.exe[4336] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\ehome\ehtray.exe[4336] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\ehome\ehtray.exe[4336] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\ehome\ehtray.exe[4336] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\ehome\ehtray.exe[4336] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Windows\ehome\ehtray.exe[4336] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Windows\ehome\ehtray.exe[4336] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4352] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[4464] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4556] ntdll.dll!NtAllocateVirtualMemory 77CA3F20 5 Bytes JMP 00991A90 C:\Program Files\COMODO\COMODO Internet Security\cis.exe .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] ntdll.dll!DbgBreakPoint 77C886FE 1 Byte [90] .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[4612] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 716D000A .text C:\Users\UserPC\Desktop\syg6uu97.exe[4620] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7172000A .text C:\Program Files\Internet Explorer\iexplore.exe[4688] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Internet Explorer\iexplore.exe[4688] ntdll.dll!RtlExitUserThread 77C81C8F 5 Bytes JMP 6A1FF3B4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Internet Explorer\iexplore.exe[4688] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\Internet Explorer\iexplore.exe[4688] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Internet Explorer\iexplore.exe[4688] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Internet Explorer\iexplore.exe[4688] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\Internet Explorer\iexplore.exe[4688] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\Internet Explorer\iexplore.exe[4688] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Internet Explorer\iexplore.exe[4688] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Internet Explorer\iexplore.exe[4688] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Internet Explorer\iexplore.exe[4688] kernel32.dll!TerminateThread 779944DB 5 Bytes JMP 6A1FF3CD C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] kernel32.dll!CreateThread 7799CBEE 5 Bytes JMP 6A067453 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\Internet Explorer\iexplore.exe[4688] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\Internet Explorer\iexplore.exe[4688] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!CreateDialogParamW 77A372A2 5 Bytes JMP 6A1FF0D0 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!GetAsyncKeyState 77A3863C 5 Bytes JMP 6A04DE25 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 6A0A28B4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!CallNextHookEx 77A38E3B 5 Bytes JMP 6A0C7BF7 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!UnhookWindowsHookEx 77A398DB 5 Bytes JMP 6A0EE164 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!EnableWindow 77A3CD8B 5 Bytes JMP 6A0AA1D4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!DefWindowProcA 77A3DB88 7 Bytes JMP 6A069685 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!CreateWindowExA 77A3DC2A 5 Bytes JMP 6A07349B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!CreateWindowExW 77A41305 5 Bytes JMP 6A0CFF83 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!GetKeyState 77A48CB1 5 Bytes JMP 6A04DCFF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!DefWindowProcW 77A503B4 7 Bytes JMP 6A0C7C5A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!IsDialogMessageW 77A50745 5 Bytes JMP 6A1FF886 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!CreateDialogParamA 77A517AA 5 Bytes JMP 6A1FF098 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!IsDialogMessage 77A51847 5 Bytes JMP 6A1FF85E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!CreateDialogIndirectParamA 77A526F1 5 Bytes JMP 6A1FF108 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!CreateDialogIndirectParamW 77A59A62 5 Bytes JMP 6A1FF140 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!SetKeyboardState 77A60987 5 Bytes JMP 6A20014D C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!DialogBoxParamW 77A610B0 5 Bytes JMP 6A001883 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!DialogBoxIndirectParamW 77A62EF5 5 Bytes JMP 6A1FED66 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!SendInput 77A62F75 5 Bytes JMP 6A2000F5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!EndDialog 77A6326E 5 Bytes JMP 6A1FFB32 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!SetCursorPos 77A76FB2 5 Bytes JMP 6A2001CE C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!DialogBoxParamA 77A78152 5 Bytes JMP 6A1FED01 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!DialogBoxIndirectParamA 77A7847D 5 Bytes JMP 6A1FEDCB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!MessageBoxIndirectA 77A8D4D9 5 Bytes JMP 6A1FEC88 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!MessageBoxIndirectW 77A8D5D3 5 Bytes JMP 6A1FEC0F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!MessageBoxExA 77A8D639 5 Bytes JMP 6A1FEBAB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!MessageBoxExW 77A8D65D 5 Bytes JMP 6A1FEB47 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] USER32.dll!keybd_event 77A8D972 5 Bytes JMP 6A2000B2 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\Internet Explorer\iexplore.exe[4688] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Internet Explorer\iexplore.exe[4688] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Internet Explorer\iexplore.exe[4688] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Internet Explorer\iexplore.exe[4688] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\Internet Explorer\iexplore.exe[4688] SHELL32.dll!SHRestricted + D95 76458918 4 Bytes [CF, 01, DE, 67] .text C:\Program Files\Internet Explorer\iexplore.exe[4688] SHELL32.dll!SHRestricted + D9D 76458920 8 Bytes [E0, 61, DD, 67, 79, F7, DD, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[4688] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Program Files\Internet Explorer\iexplore.exe[4688] ole32.dll!OleLoadFromStream 77431E78 5 Bytes JMP 6A1FF590 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4688] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[4776] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\ehome\ehmsas.exe[4816] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\ehome\ehmsas.exe[4816] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehmsas.exe[4816] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\ehome\ehmsas.exe[4816] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehmsas.exe[4816] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\ehome\ehmsas.exe[4816] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\ehome\ehmsas.exe[4816] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\ehome\ehmsas.exe[4816] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehmsas.exe[4816] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\ehome\ehmsas.exe[4816] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\ehome\ehmsas.exe[4816] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\ehome\ehmsas.exe[4816] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\ehome\ehmsas.exe[4816] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\ehome\ehmsas.exe[4816] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\ehome\ehmsas.exe[4816] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\ehome\ehmsas.exe[4816] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\ehome\ehmsas.exe[4816] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\ehome\ehmsas.exe[4816] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\ehome\ehmsas.exe[4816] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\ehome\ehmsas.exe[4816] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\ehome\ehmsas.exe[4816] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [6E, 71] .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7178000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7175000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7172000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 717B000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 717E000A .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4844] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [73, 71] {JAE 0x73} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7177000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] SHELL32.dll!SHFileOperationW 764168E8 6 Bytes JMP 716E000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4956] SHELL32.dll!SHFileOperation 765FCD0D 6 Bytes JMP 7171000A .text C:\Windows\system32\igfxext.exe[5204] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 71A8000A .text C:\Windows\system32\igfxext.exe[5204] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\igfxext.exe[5204] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\system32\igfxext.exe[5204] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\igfxext.exe[5204] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [AE, 71] .text C:\Windows\system32\igfxext.exe[5204] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 7181000A .text C:\Windows\system32\igfxext.exe[5204] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 718A000A .text C:\Windows\system32\igfxext.exe[5204] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\igfxext.exe[5204] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [9E, 71] .text C:\Windows\system32\igfxext.exe[5204] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AC000A .text C:\Windows\system32\igfxext.exe[5204] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 718D000A .text C:\Windows\system32\igfxext.exe[5204] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 7187000A .text C:\Windows\system32\igfxext.exe[5204] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 7184000A .text C:\Windows\system32\igfxext.exe[5204] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 717E000A .text C:\Windows\system32\igfxext.exe[5204] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 717B000A .text C:\Windows\system32\igfxext.exe[5204] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7178000A .text C:\Windows\system32\igfxext.exe[5204] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 7190000A .text C:\Windows\system32\igfxext.exe[5204] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 7196000A .text C:\Windows\system32\igfxext.exe[5204] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 7199000A .text C:\Windows\system32\igfxext.exe[5204] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 7193000A .text C:\Windows\system32\igfxext.exe[5204] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 719C000A .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!LdrUnloadDll 77C7B630 6 Bytes JMP 7136000A .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtAlpcConnectPort 77CA3F50 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtAlpcConnectPort + 4 77CA3F54 2 Bytes [80, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtAlpcCreatePort 77CA3F60 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtAlpcCreatePort + 4 77CA3F64 2 Bytes [83, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtAlpcSendWaitReceivePort 77CA4060 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CA4064 2 Bytes [7D, 71] {JGE 0x73} .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtClose 77CA4100 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtClose + 4 77CA4104 2 Bytes [38, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtConnectPort 77CA4160 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtConnectPort + 4 77CA4164 2 Bytes [56, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreateEvent 77CA41A0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreateEvent + 4 77CA41A4 2 Bytes [6E, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreateEventPair 77CA41B0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreateEventPair + 4 77CA41B4 2 Bytes [68, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreateFile 77CA41C0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreateFile + 4 77CA41C4 2 Bytes [47, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreateMutant 77CA4230 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreateMutant + 4 77CA4234 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreateNamedPipeFile 77CA4240 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreateNamedPipeFile + 4 77CA4244 2 Bytes [4A, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreatePort 77CA4270 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreatePort + 4 77CA4274 2 Bytes [5C, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreateSection 77CA42B0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreateSection + 4 77CA42B4 2 Bytes [50, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreateSemaphore 77CA42C0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreateSemaphore + 4 77CA42C4 2 Bytes [62, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreateWaitablePort 77CA4530 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtCreateWaitablePort + 4 77CA4534 2 Bytes [53, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtFsControlFile 77CA4760 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtFsControlFile + 4 77CA4764 2 Bytes [3E, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtOpenEvent 77CA4980 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtOpenEvent + 4 77CA4984 2 Bytes [6B, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtOpenEventPair 77CA4990 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtOpenEventPair + 4 77CA4994 2 Bytes [65, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtOpenFile 77CA49A0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtOpenFile + 4 77CA49A4 2 Bytes [44, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtOpenMutant 77CA49F0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtOpenMutant + 4 77CA49F4 2 Bytes [71, 71] {JNO 0x73} .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtOpenSection 77CA4A50 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtOpenSection + 4 77CA4A54 2 Bytes [4D, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtOpenSemaphore 77CA4A60 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtOpenSemaphore + 4 77CA4A64 2 Bytes [5F, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtQueryVirtualMemory 77CA4DD0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtQueryVirtualMemory + 4 77CA4DD4 2 Bytes [41, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtReplyPort 77CA4EE0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtReplyPort + 4 77CA4EE4 2 Bytes [77, 71] {JA 0x73} .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtRequestWaitReplyPort 77CA4F40 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtRequestWaitReplyPort + 4 77CA4F44 2 Bytes [7A, 71] {JP 0x73} .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtSecureConnectPort 77CA4FE0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtSecureConnectPort + 4 77CA4FE4 2 Bytes [59, 71] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtSetSystemTime 77CA51F0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ntdll.dll!NtSetSystemTime + 4 77CA51F4 2 Bytes [3B, 71] .text C:\Windows\system32\svchost.exe[6000] kernel32.dll!CopyFileExW 77960221 6 Bytes JMP 70B1000A .text C:\Windows\system32\svchost.exe[6000] kernel32.dll!GetPrivateProfileStringA 77961F91 6 Bytes JMP 71A8000A .text C:\Windows\system32\svchost.exe[6000] kernel32.dll!GetPrivateProfileStringW 77968BCC 6 Bytes JMP 71AB000A .text C:\Windows\system32\svchost.exe[6000] kernel32.dll!MoveFileWithProgressW 7797113C 6 Bytes JMP 70BA000A .text C:\Windows\system32\svchost.exe[6000] kernel32.dll!CreateProcessInternalW 77975477 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] kernel32.dll!CreateProcessInternalW + 4 7797547B 2 Bytes [D1, 70] .text C:\Windows\system32\svchost.exe[6000] kernel32.dll!LoadLibraryExW 77979374 6 Bytes JMP 70D8000A .text C:\Windows\system32\svchost.exe[6000] kernel32.dll!LoadLibraryExW + 173 779794E7 4 Bytes JMP 71AF000A .text C:\Windows\system32\svchost.exe[6000] kernel32.dll!MoveFileWithProgressA 779A120E 6 Bytes JMP 70BD000A .text C:\Windows\system32\svchost.exe[6000] kernel32.dll!MoveFileTransactedA 779DFCBB 6 Bytes JMP 70B7000A .text C:\Windows\system32\svchost.exe[6000] kernel32.dll!MoveFileTransactedW 779DFD61 6 Bytes JMP 70B4000A .text C:\Windows\system32\svchost.exe[6000] ADVAPI32.dll!StartServiceCtrlDispatcherA 772C2036 6 Bytes JMP 719F000A .text C:\Windows\system32\svchost.exe[6000] ADVAPI32.dll!RegisterServiceCtrlHandlerA 772C308C 6 Bytes JMP 7196000A .text C:\Windows\system32\svchost.exe[6000] ADVAPI32.dll!RegisterServiceCtrlHandlerExA 772C6678 6 Bytes JMP 7199000A .text C:\Windows\system32\svchost.exe[6000] ADVAPI32.dll!StartServiceCtrlDispatcherW 772CE47D 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] ADVAPI32.dll!StartServiceCtrlDispatcherW + 4 772CE481 2 Bytes [A1, 71] .text C:\Windows\system32\svchost.exe[6000] ADVAPI32.dll!RegisterServiceCtrlHandlerW 772CE970 6 Bytes JMP 7193000A .text C:\Windows\system32\svchost.exe[6000] ADVAPI32.dll!SetServiceStatus 772CF1F4 6 Bytes JMP 7190000A .text C:\Windows\system32\svchost.exe[6000] ADVAPI32.dll!RegisterServiceCtrlHandlerExW 772CFB41 6 Bytes JMP 719C000A .text C:\Windows\system32\svchost.exe[6000] ADVAPI32.dll!NotifyServiceStatusChange 772D4A6A 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[6000] ADVAPI32.dll!RegOpenKeyExW 77307B71 6 Bytes JMP 718D000A .text C:\Windows\system32\svchost.exe[6000] ADVAPI32.dll!NotifyServiceStatusChangeA 7730B9FE 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[6000] RPCRT4.dll!RpcServerRegisterIfEx 771578BC 6 Bytes JMP 70CC000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!RegisterClassExA 77A361E1 6 Bytes JMP 7124000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!SetWindowsHookExA 77A36322 6 Bytes JMP 7099000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!GetClassNameA 77A36853 6 Bytes JMP 710C000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!CreateDialogIndirectParamAorW 77A37266 6 Bytes JMP 7103000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!CreateDialogParamW 77A372A2 6 Bytes JMP 7100000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!EnumDesktopWindows 77A37525 6 Bytes JMP 70DC000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!SetWindowsHookExW 77A387AD 6 Bytes JMP 7096000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!FindWindowA 77A39D76 6 Bytes JMP 70E8000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!SetWinEventHook 77A39F3A 6 Bytes JMP 7093000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!SetLayeredWindowAttributes 77A3BDB9 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] USER32.dll!SetLayeredWindowAttributes + 4 77A3BDBD 2 Bytes [AD, 70] .text C:\Windows\system32\svchost.exe[6000] USER32.dll!UnregisterClassA 77A3BF81 6 Bytes JMP 711E000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!RegisterClassExW 77A3DA30 6 Bytes JMP 7127000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!CreateWindowExA 77A3DC2A 6 Bytes JMP 7106000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!RegisterClassA 77A3DF42 6 Bytes JMP 712A000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!RegisterClassW 77A3E1AB 6 Bytes JMP 712D000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!GetClassInfoExA 77A3E7EB 6 Bytes JMP 7118000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!GetClassInfoA 77A3E97E 6 Bytes JMP 7112000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!GetClassNameW 77A3EF2B 6 Bytes JMP 710F000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!EnumThreadWindows 77A3F3A8 6 Bytes JMP 70E2000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!FindWindowExA 77A3F6C1 6 Bytes JMP 70EE000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!EnumChildWindows 77A3F9EE 6 Bytes JMP 70DF000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!CreateWindowExW 77A41305 6 Bytes JMP 7109000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!GetShellWindow 77A42032 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[6000] USER32.dll!GetShellWindow + 4 77A42036 2 Bytes [A4, 71] .text C:\Windows\system32\svchost.exe[6000] USER32.dll!GetClassInfoExW 77A47DA7 6 Bytes JMP 711B000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!GetClassInfoW 77A47F13 6 Bytes JMP 7115000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!UnregisterClassW 77A47FDE 6 Bytes JMP 7121000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!EnumWindows 77A482FE 6 Bytes JMP 70E5000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!FindWindowW 77A4A441 6 Bytes JMP 70EB000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!CreateDialogParamA 77A517AA 6 Bytes JMP 70FD000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!CreateDialogIndirectParamA 77A526F1 6 Bytes JMP 70A6000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!CreateDialogIndirectParamW 77A59A62 6 Bytes JMP 70A9000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!DialogBoxParamW 77A610B0 6 Bytes JMP 70FA000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!FindWindowExW 77A6260C 6 Bytes JMP 70F1000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!DialogBoxIndirectParamAorW 77A62EB6 6 Bytes JMP 70F4000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!DialogBoxIndirectParamW 77A62EF5 6 Bytes JMP 70A1000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!DialogBoxParamA 77A78152 6 Bytes JMP 70F7000A .text C:\Windows\system32\svchost.exe[6000] USER32.dll!DialogBoxIndirectParamA 77A7847D 6 Bytes JMP 709E000A .text C:\Windows\system32\svchost.exe[6000] GDI32.dll!DeleteDC 77AD68CD 6 Bytes JMP 70C0000A .text C:\Windows\system32\svchost.exe[6000] GDI32.dll!CreateDCW 77ADA8D5 6 Bytes JMP 70C6000A .text C:\Windows\system32\svchost.exe[6000] GDI32.dll!CreateDCA 77ADAA01 6 Bytes JMP 70C9000A .text C:\Windows\system32\svchost.exe[6000] GDI32.dll!GetPixel 77ADBE48 6 Bytes JMP 70C3000A .text C:\Windows\system32\svchost.exe[6000] ole32.dll!CoCreateInstance 77469E4E 6 Bytes JMP 70CF000A .text C:\Windows\system32\svchost.exe[6000] rpcss.dll!WhichService 72833F84 8 Bytes CALL 5B136FFE ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [71FE7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7203A6CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [71FEBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [71FDF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [71FE75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [71FDE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [72018305] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [71FEDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [71FDFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [71FDFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [71FD71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7206CC10] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7200C840] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [71FDD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [71FD6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [71FD687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [71FE2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys Device \Driver\iaStor \Device\Ide\iaStor0 sfsync02.sys Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 sfsync02.sys Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 sfsync02.sys AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... ---- EOF - GMER 2.1 ----